Action not permitted
Modal body text goes here.
CVE-2020-1710
Vulnerability from cvelistv5
Published
2020-09-16 14:28
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1793970 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1793970 | Issue Tracking, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | JBoss Enterprise Application Platform |
Version: EAP 6.4.21 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:46:30.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JBoss Enterprise Application Platform", "vendor": "n/a", "versions": [ { "status": "affected", "version": "EAP 6.4.21" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Neutralization of CRLF Sequences in HTTP Headers", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-16T14:28:20", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1710", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JBoss Enterprise Application Platform", "version": { "version_data": [ { "version_value": "EAP 6.4.21" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Neutralization of CRLF Sequences in HTTP Headers" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-1710", "datePublished": "2020-09-16T14:28:20", "dateReserved": "2019-11-27T00:00:00", "dateUpdated": "2024-08-04T06:46:30.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-1710\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-09-16T15:15:12.457\",\"lastModified\":\"2024-11-21T05:11:13.130\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.\"},{\"lang\":\"es\",\"value\":\"El problema parece ser que JBoss EAP versi\u00f3n 6.4.21, no analiza el nombre de campo de acuerdo con RFC7230[1] ya que devuelve 200 en lugar de 400\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*\",\"matchCriteriaId\":\"2BF03A52-4068-47EA-8846-1E5FB708CE1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD354E32-A8B0-484C-B4C6-9FBCD3430D2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*\",\"matchCriteriaId\":\"B8423D7F-3A8F-4AD8-BF51-245C9D8DD816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B9B368A-C894-4D7A-8E64-4B12DDE572E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A54BDA-311C-413B-8E4D-388AD65A170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0952BA1A-5DF9-400F-B01F-C3A398A8A2D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B157A2D-3422-4224-82D9-15AB3B989075\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A33441B3-B301-426C-A976-08CE5FE72EFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*\",\"matchCriteriaId\":\"341E6313-20D5-44CB-9719-B20585DC5AD6\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1793970\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1793970\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}" } }
wid-sec-w-2024-1926
Vulnerability from csaf_certbund
Published
2024-08-26 22:00
Modified
2024-11-24 23:00
Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuführen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.\r\nRed Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- Sonstiges\n- UNIX", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1926 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1926.json" }, { "category": "self", "summary": "WID-SEC-2024-1926 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1926" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:5856 vom 2024-08-26", "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10207 vom 2024-11-25", "url": "https://access.redhat.com/errata/RHSA-2024:10207" } ], "source_lang": "en-US", "title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-11-24T23:00:00.000+00:00", "generator": { "date": "2024-11-25T09:11:57.787+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-1926", "initial_release_date": "2024-08-26T22:00:00.000+00:00", "revision_history": [ { "date": "2024-08-26T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-11-24T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "T037110", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "branches": [ { "category": "product_version_range", "name": "\u003c7.1.7", "product": { "name": "Red Hat JBoss Enterprise Application Platform \u003c7.1.7", "product_id": "T037109" } }, { "category": "product_version", "name": "7.1.7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1.7", "product_id": "T037109-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1.7" } } }, { "category": "product_version_range", "name": "\u003c7.3.11", "product": { "name": "Red Hat JBoss Enterprise Application Platform \u003c7.3.11", "product_id": "T039412" } }, { "category": "product_version", "name": "7.3.11", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.3.11", "product_id": "T039412-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.11" } } } ], "category": "product_name", "name": "JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-10086", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-10086" }, { "cve": "CVE-2019-10174", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-10174" }, { "cve": "CVE-2019-12384", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-12384" }, { "cve": "CVE-2019-14379", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-14379" }, { "cve": "CVE-2019-14843", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-14843" }, { "cve": "CVE-2019-14888", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-14888" }, { "cve": "CVE-2019-16869", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-16869" }, { "cve": "CVE-2019-17531", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-17531" }, { "cve": "CVE-2019-20444", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-20444" }, { "cve": "CVE-2019-20445", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-20445" }, { "cve": "CVE-2019-9511", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-9511" }, { "cve": "CVE-2019-9512", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-9512" }, { "cve": "CVE-2019-9514", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-9514" }, { "cve": "CVE-2019-9515", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2019-9515" }, { "cve": "CVE-2020-1710", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2020-1710" }, { "cve": "CVE-2020-1745", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2020-1745" }, { "cve": "CVE-2020-1757", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2020-1757" }, { "cve": "CVE-2021-4104", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2021-4104" }, { "cve": "CVE-2022-23302", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2022-23302" }, { "cve": "CVE-2022-23305", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2022-23305" }, { "cve": "CVE-2022-23307", "notes": [ { "category": "description", "text": "Es gibt mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform auf Red Hat Enterprise Linux. Diese Schwachstellen bestehen in verschiedenen Komponenten wie Undertow, Log4j und HTTP/2 und FasterXML aufgrund einer Reihe von sicherheitsrelevanten Problemen wie unsachgem\u00e4\u00dfer Eingabevalidierung, unzureichenden Zugriffskontrollen, M\u00e4ngeln in kryptografischen Implementierungen und Fehlkonfigurationen bei der Behandlung von Benutzerdaten oder HTTP-Anfragen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien und Daten zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T037109", "T037110", "T039412" ] }, "release_date": "2024-08-26T22:00:00.000+00:00", "title": "CVE-2022-23307" } ] }
rhsa-2020_3463
Vulnerability from csaf_redhat
Published
2020-08-17 13:28
Modified
2024-12-08 11:27
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3463", "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19410", "url": "https://issues.redhat.com/browse/JBEAP-19410" }, { "category": "external", "summary": "JBEAP-19411", "url": "https://issues.redhat.com/browse/JBEAP-19411" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3463.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-12-08T11:27:40+00:00", "generator": { "date": "2024-12-08T11:27:40+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3463", "initial_release_date": "2020-08-17T13:28:45+00:00", "revision_history": [ { "date": "2020-08-17T13:28:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:28:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:27:40+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product": { "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:45+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3463" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3638
Vulnerability from csaf_redhat
Published
2020-09-07 12:58
Modified
2024-12-08 11:28
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3638", "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19039", "url": "https://issues.redhat.com/browse/JBEAP-19039" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3638.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update", "tracking": { "current_release_date": "2024-12-08T11:28:23+00:00", "generator": { "date": "2024-12-08T11:28:23+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3638", "initial_release_date": "2020-09-07T12:58:33+00:00", "revision_history": [ { "date": "2020-09-07T12:58:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T12:58:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:28:23+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3638" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3501
Vulnerability from csaf_redhat
Published
2020-08-18 16:34
Modified
2024-12-08 11:27
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.4.2 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* keycloak: security headers missing on REST endpoints (CVE-2020-1728)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* keycloak: security headers missing on REST endpoints (CVE-2020-1728)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3501", "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1800585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1843849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3501.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.2 security update", "tracking": { "current_release_date": "2024-12-08T11:27:58+00:00", "generator": { "date": "2024-12-08T11:27:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3501", "initial_release_date": "2020-08-18T16:34:33+00:00", "revision_history": [ { "date": "2020-08-18T16:34:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-18T16:34:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:27:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.4.2", "product": { "name": "Red Hat Single Sign-On 7.4.2", "product_id": "Red Hat Single Sign-On 7.4.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.4" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1728", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u2019s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible exploits are servers being prone to clickjacking, channel downgrade attacks, and other similar client-based attack vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: security headers missing on REST endpoints", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1728" }, { "category": "external", "summary": "RHBZ#1800585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1728", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1728" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: security headers missing on REST endpoints" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "acknowledgments": [ { "names": [ "Matt Hamilton" ], "organization": "Soluble.ai" } ], "cve": "CVE-2020-10758", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1843849" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10758" }, { "category": "external", "summary": "RHBZ#1843849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10758", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758" } ], "release_date": "2020-08-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "category": "workaround", "details": "- The possibility of this issue largely depends on the environment, specifically the load balancer or reverse proxies between the client and the server. The issue occurs when there is no load balancer in place.\n\n- Proper tuning of HTTP request timeout and keycloak database max pool size can mitigate this issue :\nbin/jboss-cli.sh --connect --commands=\u0027/subsystem=transactions:write-attribute(name=default-timeout,value=30),/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=read-timeout,value=30000),/subsystem=undertow/server=default-server/https-listener=https/:write-attribute(name=read-timeout,value=30000),/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=max-pool-size,value=100),reload\u0027", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.4.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-18T16:34:33+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.4.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3501" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.4.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3462
Vulnerability from csaf_redhat
Published
2020-08-17 13:28
Modified
2024-12-08 11:27
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3462", "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19410", "url": "https://issues.redhat.com/browse/JBEAP-19410" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3462.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-12-08T11:27:31+00:00", "generator": { "date": "2024-12-08T11:27:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3462", "initial_release_date": "2020-08-17T13:28:06+00:00", "revision_history": [ { "date": "2020-08-17T13:28:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:28:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:27:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3462" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3779
Vulnerability from csaf_redhat
Published
2020-09-17 13:07
Modified
2024-11-22 15:41
Summary
Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update
Notes
Topic
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.
Security Fix(es):
* jetty: Incorrect header handling (CVE-2017-7658)
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)
* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Red Hat Data Grid is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.\n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.\n\nSecurity Fix(es):\n\n* jetty: Incorrect header handling (CVE-2017-7658)\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)\n\n* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3779", "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "category": "external", "summary": "1595621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595621" }, { "category": "external", "summary": "1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1819208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208" }, { "category": "external", "summary": "1819212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212" }, { "category": "external", "summary": "1821304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304" }, { "category": "external", "summary": "1821311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311" }, { "category": "external", "summary": "1821315", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1826798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798" }, { "category": "external", "summary": "1826805", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805" }, { "category": "external", "summary": "1831139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831139" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3779.json" } ], "title": "Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update", "tracking": { "current_release_date": "2024-11-22T15:41:35+00:00", "generator": { "date": "2024-11-22T15:41:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:3779", "initial_release_date": "2020-09-17T13:07:49+00:00", "revision_history": [ { "date": "2020-09-17T13:07:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-17T13:07:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T15:41:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Data Grid 7.3.7", "product": { "name": "Red Hat Data Grid 7.3.7", "product_id": "Red Hat Data Grid 7.3.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_grid:7.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Data Grid" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-7656", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595639" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: HTTP request smuggling using the range header", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7656" }, { "category": "external", "summary": "RHBZ#1595639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595639" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7656", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7656" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jetty: HTTP request smuggling using the range header" }, { "cve": "CVE-2017-7657", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595620" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7657" }, { "category": "external", "summary": "RHBZ#1595620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595620" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7657", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7657" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7657", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7657" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jetty: HTTP request smuggling" }, { "cve": "CVE-2017-7658", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595621" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Incorrect header handling", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7658" }, { "category": "external", "summary": "RHBZ#1595621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595621" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7658", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7658" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7658", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7658" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: Incorrect header handling" }, { "acknowledgments": [ { "names": [ "Brian Stansberry" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-10172", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-04-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1715075" } ], "notes": [ { "category": "description", "text": "A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus\u0027s jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10172" }, { "category": "external", "summary": "RHBZ#1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10172", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172" } ], "release_date": "2019-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1719", "cwe": { "id": "CWE-270", "name": "Privilege Context Switching Error" }, "discovery_date": "2019-08-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796617" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1719" }, { "category": "external", "summary": "RHBZ#1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1719", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719" } ], "release_date": "2019-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain" }, { "acknowledgments": [ { "names": [ "Steve Zapantis", "Robert Roberson", "taktakdb4g" ] } ], "cve": "CVE-2020-1745", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807305" } ], "notes": [ { "category": "description", "text": "A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: AJP File Read/Inclusion Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1938", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1745" }, { "category": "external", "summary": "RHBZ#1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1745", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1745" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745" }, { "category": "external", "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/", "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/" }, { "category": "external", "summary": "https://www.cnvd.org.cn/webinfo/show/5415", "url": "https://www.cnvd.org.cn/webinfo/show/5415" }, { "category": "external", "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487", "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487" } ], "release_date": "2020-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: AJP File Read/Inclusion Vulnerability" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "Fedorov Oleksii", "Keitaro Yamazaki", "Shiga Ryota" ], "organization": "LINE Corporation" } ], "cve": "CVE-2020-1757", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1752770" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1757" }, { "category": "external", "summary": "RHBZ#1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1757", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757" } ], "release_date": "2018-12-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The issue can be mitigated by configuring UrlPathHelper to ignore the servletPath via setting \"alwaysUseFullPath\".", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9488", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2020-04-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1831139" } ], "notes": [ { "category": "description", "text": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: improper validation of certificate with host mismatch in SMTP appender", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9488" }, { "category": "external", "summary": "RHBZ#1831139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831139" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9488", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9488", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9488" } ], "release_date": "2020-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "Previous versions can set the system property mail.smtp.ssl.checkserveridentity to true to globally enable hostname verification for SMTPS connections.", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: improper validation of certificate with host mismatch in SMTP appender" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "cve": "CVE-2020-10968", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1819208" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10968" }, { "category": "external", "summary": "RHBZ#1819208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10968", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968" } ], "release_date": "2020-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider" }, { "cve": "CVE-2020-10969", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1819212" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10969" }, { "category": "external", "summary": "RHBZ#1819212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10969", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969" } ], "release_date": "2020-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane" }, { "cve": "CVE-2020-11111", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821304" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11111" }, { "category": "external", "summary": "RHBZ#1821304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11111", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2664", "url": "https://github.com/FasterXML/jackson-databind/issues/2664" } ], "release_date": "2020-03-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory" }, { "cve": "CVE-2020-11112", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821311" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11112" }, { "category": "external", "summary": "RHBZ#1821311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11112", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2666", "url": "https://github.com/FasterXML/jackson-databind/issues/2666" } ], "release_date": "2020-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider" }, { "cve": "CVE-2020-11113", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821315" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11113" }, { "category": "external", "summary": "RHBZ#1821315", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11113", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2670", "url": "https://github.com/FasterXML/jackson-databind/issues/2670" } ], "release_date": "2020-03-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-11619", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-04-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1826805" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.springframework:spring-aop", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11619" }, { "category": "external", "summary": "RHBZ#1826805", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11619", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619" } ], "release_date": "2020-04-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.springframework:spring-aop" }, { "cve": "CVE-2020-11620", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-04-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1826798" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11620" }, { "category": "external", "summary": "RHBZ#1826798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11620", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620" } ], "release_date": "2020-04-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly" } ] }
rhsa-2020_3464
Vulnerability from csaf_redhat
Published
2020-08-17 13:25
Modified
2024-12-08 11:27
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3464", "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3464.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-12-08T11:27:49+00:00", "generator": { "date": "2024-12-08T11:27:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3464", "initial_release_date": "2020-08-17T13:25:19+00:00", "revision_history": [ { "date": "2020-08-17T13:25:19+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:25:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:27:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:25:19+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3464" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3642
Vulnerability from csaf_redhat
Published
2020-09-07 13:05
Modified
2024-12-08 11:28
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3642", "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3642.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 security update", "tracking": { "current_release_date": "2024-12-08T11:28:43+00:00", "generator": { "date": "2024-12-08T11:28:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3642", "initial_release_date": "2020-09-07T13:05:33+00:00", "revision_history": [ { "date": "2020-09-07T13:05:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T13:05:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:28:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T13:05:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3642" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3539
Vulnerability from csaf_redhat
Published
2020-09-02 09:47
Modified
2024-11-15 08:36
Summary
Red Hat Security Advisory: Red Hat build of Thorntail 2.7.1 security and bug fix update
Notes
Topic
An update is now available for Red Hat build of Thorntail.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.
Details
This release of Red Hat build of Thorntail 2.7.1 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.
Security Fix(es):
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* keycloak: security headers missing on REST endpoints (CVE-2020-1728)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat build of Thorntail.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat build of Thorntail 2.7.1 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* keycloak: security headers missing on REST endpoints (CVE-2020-1728)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3539", "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.7.1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.7.1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/", "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1800585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1843849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3539.json" } ], "title": "Red Hat Security Advisory: Red Hat build of Thorntail 2.7.1 security and bug fix update", "tracking": { "current_release_date": "2024-11-15T08:36:55+00:00", "generator": { "date": "2024-11-15T08:36:55+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:3539", "initial_release_date": "2020-09-02T09:47:16+00:00", "revision_history": [ { "date": "2020-09-02T09:47:16+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-02T09:47:16+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T08:36:55+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Text-Only RHOAR", "product": { "name": "Text-Only RHOAR", "product_id": "Text-Only RHOAR", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1728", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2020-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1800585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u2019s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible exploits are servers being prone to clickjacking, channel downgrade attacks, and other similar client-based attack vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: security headers missing on REST endpoints", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1728" }, { "category": "external", "summary": "RHBZ#1800585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1728", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1728" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: security headers missing on REST endpoints" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "acknowledgments": [ { "names": [ "Matt Hamilton" ], "organization": "Soluble.ai" } ], "cve": "CVE-2020-10758", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1843849" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10758" }, { "category": "external", "summary": "RHBZ#1843849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10758", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758" } ], "release_date": "2020-08-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "category": "workaround", "details": "- The possibility of this issue largely depends on the environment, specifically the load balancer or reverse proxies between the client and the server. The issue occurs when there is no load balancer in place.\n\n- Proper tuning of HTTP request timeout and keycloak database max pool size can mitigate this issue :\nbin/jboss-cli.sh --connect --commands=\u0027/subsystem=transactions:write-attribute(name=default-timeout,value=30),/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=read-timeout,value=30000),/subsystem=undertow/server=default-server/https-listener=https/:write-attribute(name=read-timeout,value=30000),/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=max-pool-size,value=100),reload\u0027", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-02T09:47:16+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3639
Vulnerability from csaf_redhat
Published
2020-09-07 12:58
Modified
2024-12-08 11:28
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3639", "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19040", "url": "https://issues.redhat.com/browse/JBEAP-19040" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3639.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update", "tracking": { "current_release_date": "2024-12-08T11:28:33+00:00", "generator": { "date": "2024-12-08T11:28:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3639", "initial_release_date": "2020-09-07T12:58:06+00:00", "revision_history": [ { "date": "2020-09-07T12:58:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T12:58:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:28:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.2 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8", "product_id": "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:58:06+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3639" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3461
Vulnerability from csaf_redhat
Published
2020-08-17 13:28
Modified
2024-12-08 11:27
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3461", "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-19095", "url": "https://issues.redhat.com/browse/JBEAP-19095" }, { "category": "external", "summary": "JBEAP-19134", "url": "https://issues.redhat.com/browse/JBEAP-19134" }, { "category": "external", "summary": "JBEAP-19185", "url": "https://issues.redhat.com/browse/JBEAP-19185" }, { "category": "external", "summary": "JBEAP-19203", "url": "https://issues.redhat.com/browse/JBEAP-19203" }, { "category": "external", "summary": "JBEAP-19269", "url": "https://issues.redhat.com/browse/JBEAP-19269" }, { "category": "external", "summary": "JBEAP-19322", "url": "https://issues.redhat.com/browse/JBEAP-19322" }, { "category": "external", "summary": "JBEAP-19325", "url": "https://issues.redhat.com/browse/JBEAP-19325" }, { "category": "external", "summary": "JBEAP-19397", "url": "https://issues.redhat.com/browse/JBEAP-19397" }, { "category": "external", "summary": "JBEAP-19409", "url": "https://issues.redhat.com/browse/JBEAP-19409" }, { "category": "external", "summary": "JBEAP-19529", "url": "https://issues.redhat.com/browse/JBEAP-19529" }, { "category": "external", "summary": "JBEAP-19564", "url": "https://issues.redhat.com/browse/JBEAP-19564" }, { "category": "external", "summary": "JBEAP-19585", "url": "https://issues.redhat.com/browse/JBEAP-19585" }, { "category": "external", "summary": "JBEAP-19617", "url": "https://issues.redhat.com/browse/JBEAP-19617" }, { "category": "external", "summary": "JBEAP-19619", "url": "https://issues.redhat.com/browse/JBEAP-19619" }, { "category": "external", "summary": "JBEAP-19673", "url": "https://issues.redhat.com/browse/JBEAP-19673" }, { "category": "external", "summary": "JBEAP-19674", "url": "https://issues.redhat.com/browse/JBEAP-19674" }, { "category": "external", "summary": "JBEAP-19874", "url": "https://issues.redhat.com/browse/JBEAP-19874" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3461.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "tracking": { "current_release_date": "2024-12-08T11:27:20+00:00", "generator": { "date": "2024-12-08T11:27:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3461", "initial_release_date": "2020-08-17T13:28:01+00:00", "revision_history": [ { "date": "2020-08-17T13:28:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-17T13:28:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:27:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el6eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src" }, "product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src" }, "product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" ], "known_not_affected": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-17T13:28:01+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3461" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2020_3637
Vulnerability from csaf_redhat
Published
2020-09-07 12:57
Modified
2024-12-08 11:28
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3637", "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "category": "external", "summary": "1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "JBEAP-18366", "url": "https://issues.redhat.com/browse/JBEAP-18366" }, { "category": "external", "summary": "JBEAP-18667", "url": "https://issues.redhat.com/browse/JBEAP-18667" }, { "category": "external", "summary": "JBEAP-18849", "url": "https://issues.redhat.com/browse/JBEAP-18849" }, { "category": "external", "summary": "JBEAP-18880", "url": "https://issues.redhat.com/browse/JBEAP-18880" }, { "category": "external", "summary": "JBEAP-18906", "url": "https://issues.redhat.com/browse/JBEAP-18906" }, { "category": "external", "summary": "JBEAP-18919", "url": "https://issues.redhat.com/browse/JBEAP-18919" }, { "category": "external", "summary": "JBEAP-18965", "url": "https://issues.redhat.com/browse/JBEAP-18965" }, { "category": "external", "summary": "JBEAP-19038", "url": "https://issues.redhat.com/browse/JBEAP-19038" }, { "category": "external", "summary": "JBEAP-19058", "url": "https://issues.redhat.com/browse/JBEAP-19058" }, { "category": "external", "summary": "JBEAP-19120", "url": "https://issues.redhat.com/browse/JBEAP-19120" }, { "category": "external", "summary": "JBEAP-19255", "url": "https://issues.redhat.com/browse/JBEAP-19255" }, { "category": "external", "summary": "JBEAP-19271", "url": "https://issues.redhat.com/browse/JBEAP-19271" }, { "category": "external", "summary": "JBEAP-19315", "url": "https://issues.redhat.com/browse/JBEAP-19315" }, { "category": "external", "summary": "JBEAP-19463", "url": "https://issues.redhat.com/browse/JBEAP-19463" }, { "category": "external", "summary": "JBEAP-19565", "url": "https://issues.redhat.com/browse/JBEAP-19565" }, { "category": "external", "summary": "JBEAP-19587", "url": "https://issues.redhat.com/browse/JBEAP-19587" }, { "category": "external", "summary": "JBEAP-19620", "url": "https://issues.redhat.com/browse/JBEAP-19620" }, { "category": "external", "summary": "JBEAP-19624", "url": "https://issues.redhat.com/browse/JBEAP-19624" }, { "category": "external", "summary": "JBEAP-19703", "url": "https://issues.redhat.com/browse/JBEAP-19703" }, { "category": "external", "summary": "JBEAP-19704", "url": "https://issues.redhat.com/browse/JBEAP-19704" }, { "category": "external", "summary": "JBEAP-19798", "url": "https://issues.redhat.com/browse/JBEAP-19798" }, { "category": "external", "summary": "JBEAP-19837", "url": "https://issues.redhat.com/browse/JBEAP-19837" }, { "category": "external", "summary": "JBEAP-19875", "url": "https://issues.redhat.com/browse/JBEAP-19875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3637.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update", "tracking": { "current_release_date": "2024-12-08T11:28:15+00:00", "generator": { "date": "2024-12-08T11:28:15+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:3637", "initial_release_date": "2020-09-07T12:57:26+00:00", "revision_history": [ { "date": "2020-09-07T12:57:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-07T12:57:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:28:15+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product": { "name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "product": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "product": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "product": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "product": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src" }, "product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src" }, "product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.2" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Guillaume Smet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14900", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2019-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666499" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate: SQL injection issue in Hibernate ORM", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14900" }, { "category": "external", "summary": "RHBZ#1666499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900" } ], "release_date": "2020-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate: SQL injection issue in Hibernate ORM" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "An Trinh" ] } ], "cve": "CVE-2020-6950", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805006" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6950" }, { "category": "external", "summary": "RHBZ#1805006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950" }, { "category": "external", "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24", "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741", "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741" }, { "category": "external", "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571", "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571" }, { "category": "external", "summary": "https://github.com/javaserverfaces/mojarra/issues/4364", "url": "https://github.com/javaserverfaces/mojarra/issues/4364" } ], "release_date": "2020-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Adith Sudhakar" ] } ], "cve": "CVE-2020-10683", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694235" } ], "notes": [ { "category": "description", "text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "title": "Vulnerability description" }, { "category": "summary", "text": "dom4j: XML External Entity vulnerability in default SAX parser", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10683" }, { "category": "external", "summary": "RHBZ#1694235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dom4j: XML External Entity vulnerability in default SAX parser" }, { "acknowledgments": [ { "names": [ "Aaron Ogburn" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10687", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1785049" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10687" }, { "category": "external", "summary": "RHBZ#1785049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests" }, { "acknowledgments": [ { "names": [ "Alvaro Mu\u00f1oz" ], "organization": "GitHub Security Labs" } ], "cve": "CVE-2020-10693", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805501" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages", "title": "Vulnerability summary" }, { "category": "other", "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10693" }, { "category": "external", "summary": "RHBZ#1805501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693" } ], "release_date": "2020-05-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "acknowledgments": [ { "names": [ "James R. Perkins" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10718", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2020-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828476" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10718" }, { "category": "external", "summary": "RHBZ#1828476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API" }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2020-10740", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834512" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10740" }, { "category": "external", "summary": "RHBZ#1834512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740" } ], "release_date": "2020-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans" }, { "cve": "CVE-2020-14297", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853595" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14297" }, { "category": "external", "summary": "RHBZ#1853595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service" }, { "cve": "CVE-2020-14307", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1851327" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14307" }, { "category": "external", "summary": "RHBZ#1851327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307" } ], "release_date": "2020-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-07T12:57:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3637" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src", "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service" } ] }
rhsa-2024_5856
Vulnerability from csaf_redhat
Published
2024-08-26 11:05
Modified
2024-12-08 11:16
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.7 on RHEL 7 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.7 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: EAP: field-name is not parsed in accordance to RFC7230 [eap-7.1.z] (CVE-2020-1710)
* commons-beanutils: apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default [eap-7.1.z] (CVE-2019-10086)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink [eap-7.1.z] (CVE-2022-23302)
* jackson-databind: default typing mishandling leading to remote code execution [eap-7.1.z] (CVE-2019-14379)
* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth [eap-7.1.z] (CVE-2019-9514)
* undertow: AJP File Read/Inclusion Vulnerability [eap-7.1.z] (CVE-2020-1745)
* undertow: HTTP/2: large amount of data requests leads to denial of service [eap-7.1.z] (CVE-2019-9511)
* undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could result in security bypass [eap-7.1.z] (CVE-2020-1757)
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS [eap-7.1.z] (CVE-2019-14888)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.1.z] (CVE-2022-23307)
* netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header [eap-7.1.z] (CVE-2019-20445)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.1.z] (CVE-2021-4104)
* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth [eap-7.1.z] (CVE-2019-9515)
* infinispan-core: infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods [eap-7.1.z] (CVE-2019-10174)
* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.1.z] (CVE-2022-23305)
* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [eap-7.1.z] (CVE-2019-12384)
* wildfly-security-manager: security manager authorization bypass (CVE-2019-14843)
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)
* jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531)
* netty: HTTP request smuggling (CVE-2019-20444)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.7 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 [eap-7.1.z] (CVE-2020-1710)\n\n* commons-beanutils: apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default [eap-7.1.z] (CVE-2019-10086)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink [eap-7.1.z] (CVE-2022-23302)\n\n* jackson-databind: default typing mishandling leading to remote code execution [eap-7.1.z] (CVE-2019-14379)\n\n* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth [eap-7.1.z] (CVE-2019-9514)\n\n* undertow: AJP File Read/Inclusion Vulnerability [eap-7.1.z] (CVE-2020-1745)\n\n* undertow: HTTP/2: large amount of data requests leads to denial of service [eap-7.1.z] (CVE-2019-9511)\n\n* undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could result in security bypass [eap-7.1.z] (CVE-2020-1757)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS [eap-7.1.z] (CVE-2019-14888)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.1.z] (CVE-2022-23307)\n\n* netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header [eap-7.1.z] (CVE-2019-20445)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.1.z] (CVE-2021-4104)\n\n* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth [eap-7.1.z] (CVE-2019-9515)\n\n* infinispan-core: infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods [eap-7.1.z] (CVE-2019-10174)\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.1.z] (CVE-2022-23305)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [eap-7.1.z] (CVE-2019-12384)\n\n* wildfly-security-manager: security manager authorization bypass (CVE-2019-14843)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n\n* jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531)\n\n* netty: HTTP request smuggling (CVE-2019-20444)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:5856", "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1", "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index", "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index" }, { "category": "external", "summary": "1703469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469" }, { "category": "external", "summary": "1725807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807" }, { "category": "external", "summary": "1735645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645" }, { "category": "external", "summary": "1735744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744" }, { "category": "external", "summary": "1735745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745" }, { "category": "external", "summary": "1737517", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517" }, { "category": "external", "summary": "1741860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "category": "external", "summary": "1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "1752980", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752980" }, { "category": "external", "summary": "1758619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619" }, { "category": "external", "summary": "1767483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483" }, { "category": "external", "summary": "1772464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464" }, { "category": "external", "summary": "1775293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1798509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509" }, { "category": "external", "summary": "1798524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798524" }, { "category": "external", "summary": "1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "JBEAP-24826", "url": "https://issues.redhat.com/browse/JBEAP-24826" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5856.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.7 on RHEL 7 security update", "tracking": { "current_release_date": "2024-12-08T11:16:16+00:00", "generator": { "date": "2024-12-08T11:16:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:5856", "initial_release_date": "2024-08-26T11:05:47+00:00", "revision_history": [ { "date": "2024-08-26T11:05:47+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-08-26T11:05:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:16:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "product": { "name": "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "product_id": "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-12.SP12_redhat_00001.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "product": { "name": "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "product_id": "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.45-1.Final_redhat_00001.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "product": { "name": "eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "product_id": "eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.1.13-1.Final_redhat_00001.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "product": { "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "product_id": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-beanutils@1.9.4-1.redhat_00002.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "product": { "name": "eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "product_id": "eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@8.2.11-1.SP2_redhat_00001.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "product": { "name": "eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "product_id": "eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.5-1.redhat_00001.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "product": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "product_id": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-1.Final_redhat_00002.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "product": { "name": "eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "product_id": "eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.7-2.GA_redhat_00002.1.ep7.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-12.SP12_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.45-1.Final_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.45-1.Final_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.1.13-1.Final_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "product": { "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "product_id": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-beanutils@1.9.4-1.redhat_00002.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@8.2.11-1.SP2_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@8.2.11-1.SP2_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@8.2.11-1.SP2_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@8.2.11-1.SP2_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@8.2.11-1.SP2_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@8.2.11-1.SP2_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.5-1.redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "product": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "product_id": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-1.Final_redhat_00002.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "product_id": "eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.7-2.GA_redhat_00002.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "product_id": "eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.7-2.GA_redhat_00002.1.ep7.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch" }, "product_reference": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src" }, "product_reference": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src" }, "product_reference": "eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src" }, "product_reference": "eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch" }, "product_reference": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src" }, "product_reference": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src" }, "product_reference": "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src" }, "product_reference": "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-9511", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1741860" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: large amount of data requests leads to denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9511" }, { "category": "external", "summary": "RHBZ#1741860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9511" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://kb.cert.org/vuls/id/605641/", "url": "https://kb.cert.org/vuls/id/605641/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/" } ], "release_date": "2019-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: large amount of data requests leads to denial of service" }, { "acknowledgments": [ { "names": [ "the Envoy security team" ] } ], "cve": "CVE-2019-9512", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1735645" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: flood using PING frames results in unbounded memory growth", "title": "Vulnerability summary" }, { "category": "other", "text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9512" }, { "category": "external", "summary": "RHBZ#1735645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9512", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9512" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", "url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", "url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html" } ], "release_date": "2019-08-13T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: flood using PING frames results in unbounded memory growth" }, { "acknowledgments": [ { "names": [ "the Envoy security team" ] } ], "cve": "CVE-2019-9514", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1735744" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: flood using HEADERS frames results in unbounded memory growth", "title": "Vulnerability summary" }, { "category": "other", "text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9514" }, { "category": "external", "summary": "RHBZ#1735744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9514", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9514" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", "url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", "url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html" } ], "release_date": "2019-08-13T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: flood using HEADERS frames results in unbounded memory growth" }, { "acknowledgments": [ { "names": [ "the Envoy security team" ] } ], "cve": "CVE-2019-9515", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1735745" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9515" }, { "category": "external", "summary": "RHBZ#1735745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9515", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", "url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html" } ], "release_date": "2019-08-13T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth" }, { "cve": "CVE-2019-10086", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-10-31T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1767483" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10086" }, { "category": "external", "summary": "RHBZ#1767483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10086", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10086" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086" }, { "category": "external", "summary": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt", "url": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt" } ], "release_date": "2019-08-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "There is no currently known mitigation for this flaw.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default" }, { "cve": "CVE-2019-10174", "cwe": { "id": "CWE-470", "name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)" }, "discovery_date": "2018-10-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1703469" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan\u0027s privileges. The attacker can use reflection to introduce new, malicious behavior into the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight contains the vulnerable library. This library is a requirement of other dependencies (Karaf and Hibernate). Under supported deployments, the vulnerable functionality is not utilized. Based on this, no OpenDaylight versions will not be fixed.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10174" }, { "category": "external", "summary": "RHBZ#1703469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10174", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10174" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174" } ], "release_date": "2019-11-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "There is no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods" }, { "cve": "CVE-2019-12384", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-06-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1725807" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. Depending on the classpath content, remote code execution may be possible.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack\u0027s OpenDaylight does not use logback in any supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nThis vulnerability relies on logback-core (ch.qos.logback.core) being present in the application\u0027s ClassPath. Logback-core is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use logback-core are not impacted by this vulnerability.\n\nThis issue affects the versions of jackson-databind bundled with candlepin as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12384" }, { "category": "external", "summary": "RHBZ#1725807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12384", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12384" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384" } ], "release_date": "2019-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution" }, { "cve": "CVE-2019-14379", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-07-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1737517" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: default typing mishandling leading to remote code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nSimilarly, Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14379" }, { "category": "external", "summary": "RHBZ#1737517", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14379", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379" } ], "release_date": "2019-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: default typing mishandling leading to remote code execution" }, { "cve": "CVE-2019-14843", "cwe": { "id": "CWE-592", "name": "CWE-592" }, "discovery_date": "2019-09-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1752980" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-security-manager: security manager authorization bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14843" }, { "category": "external", "summary": "RHBZ#1752980", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752980" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14843", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14843" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14843", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14843" } ], "release_date": "2019-09-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "This flaw only affects the Security Manager running under JDK 11 or 8. To mitigate exposure to this flaw, do not run under those JDK versions.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-security-manager: security manager authorization bypass" }, { "acknowledgments": [ { "names": [ "Henning Baldersheim", "H\u00e5vard Pettersen" ], "organization": "Verizon Media" } ], "cve": "CVE-2019-14888", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-10-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1772464" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14888" }, { "category": "external", "summary": "RHBZ#1772464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14888" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888" } ], "release_date": "2020-01-20T12:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS" }, { "cve": "CVE-2019-16869", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-09-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758619" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16869" }, { "category": "external", "summary": "RHBZ#1758619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869" } ], "release_date": "2019-09-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers" }, { "cve": "CVE-2019-17531", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-11-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1775293" } ], "notes": [ { "category": "description", "text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*", "title": "Vulnerability summary" }, { "category": "other", "text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17531" }, { "category": "external", "summary": "RHBZ#1775293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17531", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531" } ], "release_date": "2019-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*" }, { "cve": "CVE-2019-20444", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798524" } ], "notes": [ { "category": "description", "text": "A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Data integrity is the highest threat with this vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not pose a substantial practical threat to ElasticSearch 6. We agree that these issues would be difficult to exploit on OpenShift Container Platform so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20444" }, { "category": "external", "summary": "RHBZ#1798524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798524" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20444", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20444", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20444" }, { "category": "external", "summary": "https://github.com/elastic/elasticsearch/issues/49396", "url": "https://github.com/elastic/elasticsearch/issues/49396" } ], "release_date": "2020-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "netty: HTTP request smuggling" }, { "cve": "CVE-2019-20445", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798509" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20445" }, { "category": "external", "summary": "RHBZ#1798509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20445", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445" } ], "release_date": "2020-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "acknowledgments": [ { "names": [ "Steve Zapantis", "Robert Roberson", "taktakdb4g" ] } ], "cve": "CVE-2020-1745", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807305" } ], "notes": [ { "category": "description", "text": "A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: AJP File Read/Inclusion Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1938", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1745" }, { "category": "external", "summary": "RHBZ#1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1745", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1745" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745" }, { "category": "external", "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/", "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/" }, { "category": "external", "summary": "https://www.cnvd.org.cn/webinfo/show/5415", "url": "https://www.cnvd.org.cn/webinfo/show/5415" }, { "category": "external", "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487", "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487" } ], "release_date": "2020-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: AJP File Read/Inclusion Vulnerability" }, { "acknowledgments": [ { "names": [ "Fedorov Oleksii", "Keitaro Yamazaki", "Shiga Ryota" ], "organization": "LINE Corporation" } ], "cve": "CVE-2020-1757", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1752770" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1757" }, { "category": "external", "summary": "RHBZ#1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1757", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757" } ], "release_date": "2018-12-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "The issue can be mitigated by configuring UrlPathHelper to ignore the servletPath via setting \"alwaysUseFullPath\".", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass" }, { "cve": "CVE-2021-4104", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031667" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker\u0027s JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker\u0027s control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4104" }, { "category": "external", "summary": "RHBZ#2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "RHSB-2021-009", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4104", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301" }, { "category": "external", "summary": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", "url": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/13/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/13/1" } ], "release_date": "2021-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender" }, { "cve": "CVE-2022-23302", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041949" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this flaw ONLY affects applications which are specifically configured to use JMSSink, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSSink to the attacker\u0027s JNDI LDAP endpoint.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JMSSink is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23302" }, { "category": "external", "summary": "RHBZ#2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23302", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23302" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/3", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/3" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSSink in the Log4j configuration if it is used\n- Remove the JMSSink class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSSink.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink" }, { "cve": "CVE-2022-23305", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041959" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23305" }, { "category": "external", "summary": "RHBZ#2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23305", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/4", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/4" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender" }, { "cve": "CVE-2022-23307", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041967" } ], "notes": [ { "category": "description", "text": "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Unsafe deserialization flaw in Chainsaw log viewer", "title": "Vulnerability summary" }, { "category": "other", "text": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23307" }, { "category": "external", "summary": "RHBZ#2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23307", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/5", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/5" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-26T11:05:47+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "category": "workaround", "details": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-jdbc-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-cachestore-remote-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-client-hotrod-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-commons-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-infinispan-core-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.45-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.7-2.GA_redhat_00002.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j: Unsafe deserialization flaw in Chainsaw log viewer" } ] }
gsd-2020-1710
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2020-1710", "description": "The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.", "id": "GSD-2020-1710", "references": [ "https://access.redhat.com/errata/RHSA-2020:3779", "https://access.redhat.com/errata/RHSA-2020:3642", "https://access.redhat.com/errata/RHSA-2020:3639", "https://access.redhat.com/errata/RHSA-2020:3638", "https://access.redhat.com/errata/RHSA-2020:3637", "https://access.redhat.com/errata/RHSA-2020:3539", "https://access.redhat.com/errata/RHSA-2020:3501", "https://access.redhat.com/errata/RHSA-2020:3464", "https://access.redhat.com/errata/RHSA-2020:3463", "https://access.redhat.com/errata/RHSA-2020:3462", "https://access.redhat.com/errata/RHSA-2020:3461" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-1710" ], "details": "The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.", "id": "GSD-2020-1710", "modified": "2023-12-13T01:21:57.501400Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1710", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JBoss Enterprise Application Platform", "version": { "version_data": [ { "version_value": "EAP 6.4.21" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Neutralization of CRLF Sequences in HTTP Headers" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1710" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970", "refsource": "MISC", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } }, "lastModifiedDate": "2020-09-22T20:20Z", "publishedDate": "2020-09-16T15:15Z" } } }
ghsa-xqwp-g97m-cxpr
Vulnerability from github
Published
2022-05-24 17:28
Modified
2024-04-04 03:03
Severity ?
Details
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
{ "affected": [], "aliases": [ "CVE-2020-1710" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2020-09-16T15:15:00Z", "severity": "MODERATE" }, "details": "The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.", "id": "GHSA-xqwp-g97m-cxpr", "modified": "2024-04-04T03:03:14Z", "published": "2022-05-24T17:28:25Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.